ChannelLife Australia logo
Industry insider news for Australia's technology resellers
Story image

82% of CIOs say software supply chains are vulnerable

By Shannon Williams
Fri 3 Jun 2022

A new study from Venafi has found 82% of CIOS say their organisations are vulnerable to cyberattacks targeting software supply chains. 

The shift to cloud native development, along with the increased speed in development brought about by the adoption of DevOps processes, has made the challenges connected with securing software supply chains infinitely more complex. 

Meanwhile, adversaries, motivated by the success of high-profile software supply chain attacks on companies like SolarWinds and Kaseya, are stepping up attacks against software build and distribution environments.

According to the study, the sharp increase in the number and sophistication of these attacks over the last 12 months has brought this issue into sharp focus, gaining the attention of CEOs and Boards. As a result, CIOs are becoming increasingly concerned about the serious business disruptions, revenue loss, data theft and customer damage that can result from successful software supply chain attacks.

Key findings from the study:

  • 87% of CIOs believe software engineers and developers compromise on security policies and controls in order to get new products and services to market faster.
  • 85% of CIOs have been specifically instructed by the board or CEO to improve the security of software build and distribution environments.
  • 84% say the budget dedicated to the security of software development environments has increased over the past year.

"Digital transformation has made every business a software developer. And as a result, software development environments have become huge target for attackers," says Kevin Bocek, vice president of threat intelligence and business development for Venafi. 

"Hackers have discovered that successful supply chain attacks, especially those that target machine identities, are extremely efficient and more profitable," he says.
 
Bocek has seen literally dozens of ways to compromise development environments in these types of attacks, including attacks that leverage open source software components like Log4j. 

"The reality is that developers are focused on innovation and speed rather than security," he says. 

"Unfortunately, security teams rarely have the knowledge or the resources to help developers solve these problems and CIOs are just waking up to these challenges."

More than 90% of software applications use open source components, and the dependencies and vulnerabilities associated with open source software are extremely complex. CI/CD and DevOps pipelines are typically structured to enable developers to move quickly but not necessarily more securely. In the push to innovate faster, the complexity of open source and the speed of development limit the efficacy of software supply chain security controls.

CIOs realise they need to change their approach to overcome these challenges. As a result:

  • 68% are implementing more security controls
  • 57% are updating their review processes
  • 56% are expanding their use of code signing, a key security control for software supply chains
  • 47% are looking at the provenance of their open source libraries

 
"CIOs realise they need to improve software supply chain security but its extremely difficult to determine exactly where the risks are, which improvements provide the greatest increase in security, and how these changes reduce risk over time," says Bocek. 

"We can't solve this problem using existing methodologies. Instead, we need to think differently about the identity and integrity of the code we are building and using, and we need to protect and secure it at every step of the development process at machine speed."

Related stories
Top stories
Story image
eCommerce
Online shoppers leaving cart because of high shipping costs - report
New research commissioned by HUBBED reveals 90% of online shoppers abandoned a cart due to high shipping costs, and 64% say the lack of security was a purchase deterrent.
Story image
Dark web
Beware the darkverse and its cyber-physical threats 
A darkverse of criminality hidden from law enforcement could quickly evolve to fuel a new industry of metaverse-related cybercrime.
Story image
Australian Spatial Analytics
Australian Spatial Analytics expands to Melbourne
The data services provider employing neurodiverse people experiences significant growth, gearing up for national expansion.
Story image
Gaming
Attacks on gaming companies more than double over past year
The State of the Internet report shows gaming companies and gamer accounts are at risk, following a surge in web application attacks post pandemic.
Story image
Physical Security
PMT Security awarded sole Australian distribution rights to SmokeCloak
PMT Security will soon become the sole distributor of SmokeCloak in Australia, with the company being awarded the exclusive rights to represent the SmokeCloak brand.
Story image
Microsoft
Spectralink DECT devices now integrated with Microsoft Teams SIP Gateway
Spectralink DECT devices are now integrated with Microsoft Teams SIP Gateway to help create better results for business-critical frontline workers.
Story image
Tablets & laptops
Chromebook and tablet shipments see another rapid decline for the year
According to research from Canalys PC Analysis, Chromebook and tablet shipments have fallen for the fourth quarter in a row for Q2 of 2022.
Story image
i-PRO
VisualCortex and i-PRO partner for enhanced APAC deployments
VisualCortex and i-PRO have partnered to facilitate enterprise-wide Computer Vision technology deployments in APAC.
Story image
Digital Transformation
Macquarie Telecom rolls out SD-WAN services for mycar Tyre & Auto
Macquarie Telecom says it has rolled out NBN and SD-WAN services to more than 270 mycar Tyre & Auto stores across Australia. 
Story image
Document Management
TrustRadius gives M-Files two document management awards
TrustRadius has recognised M-Files with both a 2022 Best Feature Set and a 2022 Best Relationship award in document management.
Story image
Compliance
Why security needs to shape your journey to the cloud
It's estimated that 80% of workloads could be in the cloud in the next few years. How can you make all that data secure?
Story image
Firewall
Fortinet unveils compact firewall for hyperscale data centres, 5G networks
"Fortinet’s dedication to pushing the boundaries of what is possible in security performance has yielded the most powerful compact firewall yet."
Story image
Cybersecurity
More than a fifth of cybersecurity teams ban the use of public WiFi
Verizon’s fifth annual Mobile Security Index report has revealed a continued rise in significant cyberattacks in the last year involving a mobile/IoT device.
Story image
Cybersecurity
Optic Security Group on Australia recruitment drive
Trans-Tasman security integrator looks to meet the twin challenges of high client project demand tight & labour market supply with new opportunities.
Story image
Identity and Access Management
Pitney Bowes launches rebranded digital visitor management offering in A/NZ
Pitney Bowes has launched Smart Access Management (SAM), its rebranded digital visitor and contractor management offering in Australia and New Zealand.
Story image
SaaS
Claroty launches new cloud-based industrial cybersecurity platform
The company says Claroty xDome is the industry's first solution to deliver the ease and scalability of SaaS without compromising on visibility, protection, and monitoring controls.
Story image
Cheetah Digital
Privacy, data ethics and the ‘seismic shift’ in consumer trust
Aussie consumers have low levels of trust for advertising, but will pay more to purchase from a trusted brand, a new report from Cheetah Digital reveals.
Story image
Data Protection
Cloud privacy, data protection more complex than on-prem
In the past 12 months, over a third of Australian businesses (36%) experienced a cloud-based data breach or failed audit. 
Story image
First Nations
Google.org and INCO's $750,000 First Nations digitisation fund
INCO has launched its First Australians Digitisation Fund, with support from Google.org, to help organisations using tech to achieve better outcomes for First Nations communities.
Story image
Neat
Workplace design a crucial factor for better employee experience - report
The key to a successful workplace could be its design, according to research from Ecosystm and Neat.
Story image
Data Protection
Video: 10 Minute IT Jams - An update from SearchInform
Alexey Pinchuk joins us today to discuss the role the company plays in helping organisations manage risk and provide better security outcomes.
Story image
Malware
Nozomi Networks Labs identifies impacts on 2022 threat landscape
Nozomi Networks’ latest research finds that wiper malware, IoT botnet activity, and the Russia/Ukraine war have had the biggest impact on the threat landscape in 2022 so far.
Story image
ACCC
Telstra to address 5G competition concerns by ACCC
The Australian Competition and Consumer Commission has accepted a court-enforceable undertaking from Telstra to address competition concerns with Optus.
Story image
Hybrid Cloud
The essential guide to digital transformation by SolarWinds
Digital transformation is a buzzword thrown around all the time by companies, but what does it actually mean and why is it important? SolarWinds breaks it down.
Story image
Tech job moves
Tech job moves - Cohesity, Equinix, IDC, Proofpoint & Xero
We round up all job appointments from July 29 - August 5, 2022, in one place to keep you updated with the latest from across the tech industries.
Story image
Inde
Exclusive: Inde provides innovative solutions across the tech sector
Inde likes to call its approach the 'power of the collective', which essentially means that if a client approaches the company with a problem, they'll get the team's collective insight to help drive the best outcome.
Story image
SAP
Microsoft unveils two new security products to help reduce attack surfaces
The products are set to give companies deeper insights into threat actor activity and help them successfully navigate the changing threat landscape.
Story image
Home Entertainment
Hands-on review: TCL 65″ C835 Mini LED 4K Google TV
We introduce you today to a TV that brings the height of immersion to your viewing experience: The TCL 65″ C835 Mini LED 4K Google TV.
Story image
Gigabit
Keysight Technologies and Nokia’s public test of 800GE success
Keysight and Nokia have successfully demonstrated the first public 800GE test, validating the readiness of next-generation optics for service providers and network operators.
Story image
Mergers and Acquisitions
Netskope acquires Infiot, delivers integrated SASE platform
Converged SASE platform provides AI-driven zero trust security and simplified, optimised connectivity to any network location or device, including IoT.
Story image
Enterprise
Fortinet reports second quarter 2022 financial results
“We delivered strong revenue and billings growth in the second quarter driven by an increase in the number of transactions larger than one million dollars."
Story image
10 Minute IT Jams
Video: 10 Minute IT Jams - An update from Heidrick & Struggles
Graham Kittle joins us today to discuss how the company is helping organisations bring about change within their business.
Story image
Tablets & laptops
Hands-on review: Xencelabs Graphic Display Tablet
Xencelabs seemed to show up out of nowhere on the market. I had no idea who they were or what they were about, but I was very intrigued.
Story image
Web application firewall
Radware recognised in KuppingerCole’s 2022 Leadership Compass report
Radware has been named a Product, Innovation, Market and Overall Leader in the 2022 KuppingerCole Leadership Compass report for Web Application Firewalls.
Story image
Sustainability
Green hydrogen company Hysata raises AUD $42.5 million
Global investors are supporting Hysata's hydrogen electrolyser technology as the organisation closes its oversubscribed Series A funding round of AUD $42.5 million. 
Story image
Wireless
Hands-on review: James Donkey RS4 Knight Wireless Gaming Keyboard
I have always liked mechanical keyboards, and this is no exception. I find the action much easier to use than the modern keyboards with limited travel.
Story image
BAI Communications Australia
BAI Communications to help improve mobile coverage across regional NSW
Deputy Premier and Minister for Regional NSW Paul Toole said regional communities deserve reliable and affordable mobile services.
Story image
Wireless
Wave Audio delivers ultimate immersion with new wireless earbuds
Wave Audio, one of Australia's best new audio brands, has recently released a set of landmark noise-cancelling true wireless earbuds, the Immersive Pro.
Story image
Biometrics
AU biometric security company achieves B Corp cert
Australian biometric security firm Daltrey has announced it has become the first cybersecurity vendor in AU to achieve the B Corp certification.
Story image
Wireless
Wave Audio spices up portfolio with first ever party speaker
Australian-based pioneers Wave Audio are enhancing their extensive range of groundbreaking new audio products by adding one of the most versatile speakers on the market to their growing portfolio.
Story image
Enterprise Resource Planning / ERP
Exclusive: SYSPRO on how ERP plays a role in Australia's manufacturing investment plan
While there is a significant drive for change, it's really down to execution, and businesses need to be prepared to find the right strategies for them to make full use of the government support.
Wiise
Discover why cloud ERP is central to a growing business' tech stack. Sign up now for free.
Link image